General
-
Target
REQUEST ORDER_PDF TT9978493943004855880209248948394809304034_PDF.exe
-
Size
2.8MB
-
Sample
200709-949cmdcq7n
-
MD5
338fc5b0f469b1b2cdc2d1664b7b0eb5
-
SHA1
35d438386cefe96b2ad2bea9787bda6df9cf7ccf
-
SHA256
ff74f7d87e11ad84ec0eeeafb8a2c4dd8ae85737db02aaa5cc812fdc83c916a5
-
SHA512
fd1b642852cfc2410792bda84862dc965875f509675651a912cd5c88faea2d1350667fcfb5e480855c7f7a1651df590a00f4d1111773a82f6f2035148fe012a2
Static task
static1
Behavioral task
behavioral1
Sample
REQUEST ORDER_PDF TT9978493943004855880209248948394809304034_PDF.exe
Resource
win7
Behavioral task
behavioral2
Sample
REQUEST ORDER_PDF TT9978493943004855880209248948394809304034_PDF.exe
Resource
win10v200430
Malware Config
Extracted
Protocol: smtp- Host:
smtp.teledata-fn.de - Port:
587 - Username:
[email protected] - Password:
Winterinfo@2019.
Targets
-
-
Target
REQUEST ORDER_PDF TT9978493943004855880209248948394809304034_PDF.exe
-
Size
2.8MB
-
MD5
338fc5b0f469b1b2cdc2d1664b7b0eb5
-
SHA1
35d438386cefe96b2ad2bea9787bda6df9cf7ccf
-
SHA256
ff74f7d87e11ad84ec0eeeafb8a2c4dd8ae85737db02aaa5cc812fdc83c916a5
-
SHA512
fd1b642852cfc2410792bda84862dc965875f509675651a912cd5c88faea2d1350667fcfb5e480855c7f7a1651df590a00f4d1111773a82f6f2035148fe012a2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Modifies WinLogon for persistence
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-